escaping names
#3

Quote:

%e escapes the string if you are using threaded queries

SA:MP doesn't escape strings anywhere since it's not built specially for SQL. Same as most programming/scripting languages.

There are many types of SQL injections, therefore forbidding characters straight on by SA:MP would be somewhat impossible.


Example:
Quote:

SELECT fieldlist FROM table WHERE field = 'x' AND email IS NULL; --

TL;DR: mysql_real_escape_string, '%e' and even more. Escape the string manually and there you go.


Also, as far as I know, most of the special characters that you would use to do an injection attack are impossible to be added as a default name in SA:MP, but there are advanced SQL injection attacks that can easily slip between those. Always escape your queries.
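
The difference between building a query with plain format() and with '%e', as an added example that is not part of the original post. It assumes the MySQL plugin for SA:MP with R41-style natives; g_Sql, the accounts table and its columns, and the OnLookup callback are hypothetical names.

```pawn
// Added example, not from the thread. Assumes R41-style MySQL plugin natives.
#include <a_samp>
#include <a_mysql>

// Hypothetical handle, assumed to be set by mysql_connect() in OnGameModeInit.
new MySQL:g_Sql;

forward OnLookup(playerid);

// Unsafe: format() copies the text into the query unchanged, so a quote
// character in `email` closes the string literal and the rest is parsed as SQL.
stock LookupUnsafe(playerid, const email[])
{
    new query[256];
    format(query, sizeof(query),
        "SELECT id FROM accounts WHERE email = '%s'", email);
    mysql_tquery(g_Sql, query, "OnLookup", "d", playerid);
}

// Safe: mysql_format() escapes every value bound to %e, so the input stays
// inside the quoted literal. The player name is escaped too, even though
// SA:MP already restricts which characters a name may contain.
stock LookupSafe(playerid, const email[])
{
    new name[MAX_PLAYER_NAME + 1], query[512];
    GetPlayerName(playerid, name, sizeof(name));
    // Escaping can double the length of a value, so the buffer is sized generously.
    mysql_format(g_Sql, query, sizeof(query),
        "SELECT id FROM accounts WHERE name = '%e' AND email = '%e'",
        name, email);
    mysql_tquery(g_Sql, query, "OnLookup", "d", playerid);
}

// Runs when the threaded query finishes; the result cache is active here.
public OnLookup(playerid)
{
    new rows;
    cache_get_row_count(rows);
    printf("player %d: %d matching row(s)", playerid, rows);
    return 1;
}
```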


Messages In This Thread
escaping names - by MerryDeer - 19.11.2016, 14:10
Re: escaping names - by BiosMarcel - 19.11.2016, 14:18
Re: escaping names - by TwinkiDaBoss - 19.11.2016, 15:10
